Windows Server Config on GoDaddy IIS7

Question

ryantroop 177 Practically a Master Poster

11 Years Ago

Hi All!

So, I have a shared windows host with IIS 7 with godaddy, so that I can use MSSQL/TSQL (which, as I understand it, is not available with Linux).

However, my server configuration education was with Linux, and focused on the wonderful all encompassing .htaccess file to configure environment variables, webroot, includes default folder, etc...

Is there is a simple way to do this with godaddy's set up? If not, what are my alternatives to protect passwords from web access, and preventing other very simple security vulnerabilities with IIS? How can I set environment variables that are free from prying eyes that I Can store password salt and other sensitive info that is meant to be private?

Am I just using IIS incorrectly in how I set this up? Or is the beliefe that php is secure enough that it doesn't need a webroot that is held in another file?

Any suggestions?

Thanks,

Ryan

apache windows-server

2 Contributors
7 Replies
239 Views
3 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by stormal1

stormal1 0 Junior Poster in Training

11 Years Ago

You really should direct your query to GoDaddy support staff as you are not configuring a local IIS server and must utilize their own online configuration tools. Server Side code via PHP, ASP.net or similar can be used for secure access however secure .hta access is not possible on IIS. Both PHP and ASP can be securely utilized with MSSQL.

stormal1 0 Junior Poster in Training

11 Years Ago

The credentials are transmitted from IIS/PHP to MSSQL via TCP.

My own website is one such example -http://www.site-smith.com/

Edited 11 Years Ago by stormal1 because: typo

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

ryantroop 177 Practically a Master Poster · Answer 1 · 2013-01-15T05:23:26+00:00

I did call them, and they weren't terribly helpful.

I was hoping for a more clear answer than the "help" they gave which was a link to domain forwarding, which didn't help with environ globals.

Am I being paranoid in that I want my db password/etc.. stored separately from the web root?

stormal1 0 Junior Poster in Training · Answer 2 · 2013-01-15T05:40:03+00:00

MSSQL db passwords are not stored in the webroot. They are stored in the SQL server itself. If your code has been implemented properly no one can access your stored db connection credentials.
You can also create a secured local ODBC connection to a remote server and utilize Microsoft's MSSQL remote administration/management console if you so desire.

ryantroop 177 Practically a Master Poster · Answer 3 · 2013-01-15T05:47:41+00:00

so a connection to the DB with PHP on a windows server is integrated? So I Can just access the db/table without any user/pass being passed through the mysqli api?

ryantroop 177 Practically a Master Poster · Answer 4 · 2013-01-15T05:53:27+00:00

Ahh.. so it was a fundamental misunderstanding of how the connection process works.

Thanks for clearing that up.. That makes things easy.

Now for figuring out how to salt passwords with a hidden variable.. or just time to learn a new method for password hashing... have any advice on that?

stormal1 0 Junior Poster in Training · Answer 5 · 2013-01-15T06:02:58+00:00

You'll find this helpful

http://phpsec.org/articles/2005/password-hashing.html